36b883e255d3682a5a4b5bf1f936a26871329085c8ac846d6362d70c58a0ce21

Analysis

max time kernel
117s
max time network
146s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe
Size

228KB
MD5

4d7015aa8f495f7023eb7d12a677cff5
SHA1

a9f41214c0b1c3a86c355832b63be433b36c0a96
SHA256

36b883e255d3682a5a4b5bf1f936a26871329085c8ac846d6362d70c58a0ce21
SHA512

692a15188445f5b3c6330f2ac50a1bc1fafddf4b10ec33e2df2be67f79bd604f8e72b1226d32cb03561773d78fa91157a91673c8c806911b8ffe3605c29b010b
SSDEEP

6144:OuaJEFDFY0ph7n2/2Z5ie1O34lyzOWJz/zImABhU:OuaJEBO2lDZ5z1+zOWJzks

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2412	saeimit.exe

Loads dropped DLL 7 IoCs

pid	Process
2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe
2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1080	2412	WerFault.exe	30

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe
2412	saeimit.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2412	2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe	30
PID 2704 wrote to memory of 2412	2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe	30
PID 2704 wrote to memory of 2412	2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe	30
PID 2704 wrote to memory of 2412	2704	4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe	30
PID 2412 wrote to memory of 1080	2412	saeimit.exe	31
PID 2412 wrote to memory of 1080	2412	saeimit.exe	31
PID 2412 wrote to memory of 1080	2412	saeimit.exe	31
PID 2412 wrote to memory of 1080	2412	saeimit.exe	31

C:\Users\Admin\AppData\Local\Temp\4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Users\Admin\saeimit.exe
  "C:\Users\Admin\saeimit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 188
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\saeimit.exe

Filesize
228KB

MD5
6d946ad94909a96188f3664b74b638c6

SHA1
32b466cbafd916084518f50a6ecba63562768964

SHA256
0119d63507fe677f2a8c8b44e4d6ac31f407b91f98904112fce0100fab9107b4

SHA512
a2028bbdf1ec94c2645a0cb2f2537b05dd34d74464de24199eeac51b905cd1e9800798ee8a340b91e6b4715004d5605f3ff1fe2e6d4671f4ab854d8e1ceb96cc

Download Submit